mihari 7.3.2 → 7.4.0

data/lib/mihari/commands/artifact.rb

@@ -20,7 +20,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::ArtifactSearcher.result(filter).value!
               end
             end

data/lib/mihari/commands/rule.rb

@@ -21,7 +21,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::RuleSearcher.result(filter).value!
               end
             end

data/lib/mihari/commands/tag.rb

@@ -20,7 +20,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::TagSearcher.result(filter).value!
               end
             end

data/lib/mihari/concerns/autonomous_system_normalizable.rb

@@ -16,10 +16,7 @@ module Mihari
       # @return [Integer]
       #
       def normalize_asn(asn)
-        return asn if asn.is_a?(Integer)
-        return asn.to_i unless asn.start_with?("AS")
-
-        asn.delete_prefix("AS").to_i
+        asn.to_s.delete_prefix("AS").to_i
       end
     end
   end

data/lib/mihari/concerns/configurable.rb

@@ -40,7 +40,7 @@ module Mihari
           configuration_keys.map do |key|
             value = Mihari.config.send(key)
             value = "REDACTED" if value && Mihari.config.hide_config_values
-            { key: key.upcase, value: value }
+            {key: key.upcase, value:}
           end
         end
 

data/lib/mihari/concerns/database_connectable.rb

@@ -8,8 +8,8 @@ module Mihari
     module DatabaseConnectable
       extend ActiveSupport::Concern
 
-      def with_db_connection(&block)
-        Database.with_db_connection(&block)
+      def with_db_connection(&)
+        Database.with_db_connection(&)
       end
     end
   end

data/lib/mihari/concerns/retriable.rb

@@ -41,7 +41,7 @@ module Mihari
         begin
           try += 1
           yield
-        rescue StandardError => e
+        rescue => e
           # Raise error if it's not a retriable error
           raise e unless condition.call(e)
 

data/lib/mihari/config.rb

@@ -42,7 +42,8 @@ module Mihari
       ignore_error: false,
       pagination_interval: 0,
       pagination_limit: 100,
-      parallel: false,
+      analyzer_parallelism: false,
+      emitter_parallelism: true,
       retry_exponential_backoff: true,
       retry_interval: 5,
       retry_times: 3,
@@ -146,7 +147,10 @@ module Mihari
     # @!attribute [r] pagination_limit
     #   @return [Integer]
 
-    # @!attribute [r] parallel
+    # @!attribute [r] analyzer_parallelism
+    #   @return [Boolean]
+
+    # @!attribute [r] emitter_parallelism
     #   @return [Boolean]
 
     # @!attribute [r] ignore_error

data/lib/mihari/constants.rb

@@ -5,8 +5,8 @@ module Mihari
   DEFAULT_DATA_TYPES = Types::DataTypes.values.freeze
 
   # @return [Array<Hash>]
-  DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| { emitter: name.downcase } }.freeze
+  DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| {emitter: name.downcase} }.freeze
 
   # @return [Array<Hash>]
-  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| { enricher: name.downcase } }.freeze
+  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| {enricher: name.downcase} }.freeze
 end

data/lib/mihari/emitters/base.rb

@@ -14,7 +14,7 @@ module Mihari
       # @param [Hash, nil] options
       #
       def initialize(rule:, options: nil)
-        super(options: options)
+        super(options:)
 
         @rule = rule
       end
@@ -23,7 +23,7 @@ module Mihari
       # @return [Boolean]
       #
       def parallel?
-        options[:parallel] || Mihari.config.parallel
+        options[:parallel] || Mihari.config.emitter_parallelism
       end
 
       # A target to emit the data

data/lib/mihari/emitters/database.rb

@@ -16,7 +16,7 @@ module Mihari
       def call(artifacts)
         return if artifacts.empty?
 
-        alert = Models::Alert.new(artifacts: artifacts, rule_id: rule.id)
+        alert = Models::Alert.new(artifacts:, rule_id: rule.id)
         alert.save
         alert
       end

data/lib/mihari/emitters/misp.rb

@@ -12,6 +12,9 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
 
+      # @return [Array<String>]
+      attr_reader :attribute_tags
+
       # @return [Mihari::Rule]
       attr_reader :rule
 
@@ -24,10 +27,11 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
 
         @url = params[:url] || Mihari.config.misp_url
         @api_key = params[:api_key] || Mihari.config.misp_api_key
+        @attribute_tags = params[:attribute_tags] || []
 
         @artifacts = []
       end
@@ -51,7 +55,7 @@ module Mihari
           Event: {
             info: rule.title,
             Attribute: artifacts.map { |artifact| build_attribute(artifact) },
-            Tag: rule.tags.map { |tag| { name: tag } }
+            Tag: rule.tags.map { |tag| {name: tag.name} }
           }
         })
       end
@@ -66,7 +70,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::MISP.new(url, api_key: api_key, timeout: timeout)
+        @client ||= Clients::MISP.new(url, api_key:, timeout:)
       end
 
       #
@@ -77,7 +81,11 @@ module Mihari
       # @return [Hash]
       #
       def build_attribute(artifact)
-        { value: artifact.data, type: to_misp_type(type: artifact.data_type, value: artifact.data) }
+        {
+          value: artifact.data,
+          type: to_misp_type(type: artifact.data_type, value: artifact.data),
+          Tag: attribute_tags.map { |tag| {name: tag} }
+        }
       end
 
       #

data/lib/mihari/emitters/slack.rb

@@ -30,25 +30,25 @@ module Mihari
       def vt_link
         return nil unless _vt_link
 
-        { type: "button", text: "VirusTotal", url: _vt_link }
+        {type: "button", text: "VirusTotal", url: _vt_link}
       end
 
       def urlscan_link
         return nil unless _urlscan_link
 
-        { type: "button", text: "urlscan.io", url: _urlscan_link }
+        {type: "button", text: "urlscan.io", url: _urlscan_link}
       end
 
       def censys_link
         return nil unless _censys_link
 
-        { type: "button", text: "Censys", url: _censys_link }
+        {type: "button", text: "Censys", url: _censys_link}
       end
 
       def shodan_link
         return nil unless _shodan_link
 
-        { type: "button", text: "Shodan", url: _shodan_link }
+        {type: "button", text: "Shodan", url: _shodan_link}
       end
 
       # @return [Array]
@@ -57,7 +57,7 @@ module Mihari
           {
             text: defanged_data,
             fallback: "VT & urlscan.io links",
-            actions: actions
+            actions:
           }
         ]
       end
@@ -140,7 +140,7 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
 
         @webhook_url = params[:webhook_url] || Mihari.config.slack_webhook_url
         @channel = params[:channel] || Mihari.config.slack_channel || DEFAULT_CHANNEL
@@ -177,9 +177,9 @@ module Mihari
       #
       def notifier
         @notifier ||= lambda do
-          return ::Slack::Notifier.new(webhook_url, channel: channel, username: username) if timeout.nil?
+          return ::Slack::Notifier.new(webhook_url, channel:, username:) if timeout.nil?
 
-          ::Slack::Notifier.new(webhook_url, channel: channel, username: username, http_options: { timeout: timeout })
+          ::Slack::Notifier.new(webhook_url, channel:, username:, http_options: {timeout:})
         end.call
       end
 
@@ -215,7 +215,7 @@ module Mihari
 
         @artifacts = artifacts
 
-        notifier.post(text: text, attachments: attachments, mrkdwn: true)
+        notifier.post(text:, attachments:, mrkdwn: true)
       end
     end
   end

data/lib/mihari/emitters/the_hive.rb

@@ -9,6 +9,9 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
 
+      # @return [Array<String>]
+      attr_reader :observable_tags
+
       # @return [Array<Mihari::Models::Artifact>]
       attr_accessor :artifacts
 
@@ -18,10 +21,11 @@ module Mihari
       # @param [Hash] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
 
         @url = params[:url] || Mihari.config.thehive_url
         @api_key = params[:api_key] || Mihari.config.thehive_api_key
+        @observable_tags = params[:observable_tags] || []
 
         @artifacts = []
       end
@@ -56,7 +60,7 @@ module Mihari
       private
 
       def client
-        Clients::TheHive.new(url, api_key: api_key, api_version: "v1", timeout: timeout)
+        Clients::TheHive.new(url, api_key:, api_version: "v1", timeout:)
       end
 
       #
@@ -81,10 +85,11 @@ module Mihari
             {
               data: artifact.data,
               data_type: artifact.data_type,
-              message: rule.description
+              message: rule.description,
+              tags: observable_tags
             }
           end,
-          tags: rule.tags,
+          tags: rule.tags.map(&:name),
           type: "external",
           source: "mihari",
           source_ref: SecureRandom.uuid

data/lib/mihari/emitters/webhook.rb

@@ -36,7 +36,7 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
 
         @url = Addressable::URI.parse(params[:url])
         @headers = params[:headers] || {}
@@ -75,14 +75,14 @@ module Mihari
         when "GET"
           http.get(url).body.to_s
         when "POST"
-          http.post(url, json: json).body.to_s
+          http.post(url, json:).body.to_s
         end
       end
 
       private
 
       def http
-        HTTP::Factory.build headers: headers, timeout: timeout
+        HTTP::Factory.build headers:, timeout:
       end
 
       #
@@ -91,7 +91,7 @@ module Mihari
       # @return [String]
       #
       def render
-        Services::JbuilderRenderer.call(template, { rule: rule, artifacts: artifacts })
+        Services::JbuilderRenderer.call(template, {rule:, artifacts:})
       end
 
       #

data/lib/mihari/enrichers/base.rb

@@ -10,7 +10,7 @@ module Mihari
       # @param [Hash, nil] options
       #
       def initialize(options: nil)
-        super(options: options)
+        super(options:)
       end
 
       #

data/lib/mihari/enrichers/google_public_dns.rb

@@ -50,7 +50,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::GooglePublicDNS.new(timeout: timeout)
+        @client ||= Clients::GooglePublicDNS.new(timeout:)
       end
     end
   end

data/lib/mihari/enrichers/mmdb.rb

@@ -39,7 +39,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::MMDB.new(timeout: timeout)
+        @client ||= Clients::MMDB.new(timeout:)
       end
     end
   end

data/lib/mihari/enrichers/shodan.rb

@@ -22,13 +22,13 @@ module Mihari
 
           if tapped.reverse_dns_names.empty?
             tapped.reverse_dns_names = (res&.hostnames || []).map do |name|
-              Models::ReverseDnsName.new(name: name)
+              Models::ReverseDnsName.new(name:)
             end
           end
 
           if tapped.vulnerabilities.empty?
             tapped.vulnerabilities = (res&.vulns || []).map do |name|
-              Models::Vulnerability.new(name: name)
+              Models::Vulnerability.new(name:)
             end
           end
         end
@@ -50,7 +50,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::ShodanInternetDB.new(timeout: timeout)
+        @client ||= Clients::ShodanInternetDB.new(timeout:)
       end
     end
   end

data/lib/mihari/enrichers/whois.rb

@@ -23,7 +23,7 @@ module Mihari
         return if record.parser.available?
 
         artifact.whois_record ||= Models::WhoisRecord.new(
-          domain: domain,
+          domain:,
           created_on: get_created_on(record.parser),
           updated_on: get_updated_on(record.parser),
           expires_on: get_expires_on(record.parser),
@@ -64,7 +64,7 @@ module Mihari
         @whois ||= lambda do
           return ::Whois::Client.new if timeout.nil?
 
-          ::Whois::Client.new(timeout: timeout)
+          ::Whois::Client.new(timeout:)
         end.call
       end
 

data/lib/mihari/entities/alert.rb

@@ -3,16 +3,16 @@
 module Mihari
   module Entities
     class Alert < Grape::Entity
-      expose :id, documentation: { type: Integer, required: true }
-      expose :rule_id, documentation: { type: String, required: true }, as: :ruleId
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :id, documentation: {type: Integer, required: true}
+      expose :rule_id, documentation: {type: String, required: true}, as: :ruleId
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
 
-      expose :artifacts, using: Entities::BaseArtifact, documentation: { type: Entities::BaseArtifact, is_array: true }
-      expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
+      expose :artifacts, using: Entities::BaseArtifact, documentation: {type: Entities::BaseArtifact, is_array: true}
+      expose :tags, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
     end
 
     class AlertsWithPagination < Pagination
-      expose :results, using: Entities::Alert, documentation: { type: Entities::Alert, is_array: true, required: true }
+      expose :results, using: Entities::Alert, documentation: {type: Entities::Alert, is_array: true, required: true}
     end
   end
 end

data/lib/mihari/entities/artifact.rb

@@ -3,40 +3,40 @@
 module Mihari
   module Entities
     class BaseArtifact < Grape::Entity
-      expose :id, documentation: { type: Integer, required: true }
-      expose :data, documentation: { type: String, required: true }
-      expose :data_type, documentation: { type: String, required: true }, as: :dataType
-      expose :source, documentation: { type: String, required: true }
-      expose :query, documentation: { type: String, required: false }
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
-      expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
+      expose :id, documentation: {type: Integer, required: true}
+      expose :data, documentation: {type: String, required: true}
+      expose :data_type, documentation: {type: String, required: true}, as: :dataType
+      expose :source, documentation: {type: String, required: true}
+      expose :query, documentation: {type: String, required: false}
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
+      expose :tags, using: Entities::Tag, documentation: {type: Entities::Tag, is_array: true, required: true}
     end
 
     class Artifact < BaseArtifact
-      expose :metadata, documentation: { type: Hash }
+      expose :metadata, documentation: {type: Hash}
       expose :autonomous_system, using: Entities::AutonomousSystem,
-        documentation: { type: Entities::AutonomousSystem, required: false }, as: :autonomousSystem
-      expose :geolocation, using: Entities::Geolocation, documentation: { type: Entities::Geolocation, required: false }
+        documentation: {type: Entities::AutonomousSystem, required: false}, as: :autonomousSystem
+      expose :geolocation, using: Entities::Geolocation, documentation: {type: Entities::Geolocation, required: false}
       expose :whois_record, using: Entities::WhoisRecord,
-        documentation: { type: Entities::WhoisRecord, required: false }, as: :whoisRecord
+        documentation: {type: Entities::WhoisRecord, required: false}, as: :whoisRecord
 
       expose :reverse_dns_names, using: Entities::ReverseDnsName,
-        documentation: { type: Entities::ReverseDnsName, is_array: true, required: false }, as: :reverseDnsNames do |status, _options|
+        documentation: {type: Entities::ReverseDnsName, is_array: true, required: false}, as: :reverseDnsNames do |status, _options|
         status.reverse_dns_names.empty? ? nil : status.reverse_dns_names
       end
       expose :dns_records, using: Entities::DnsRecord,
-        documentation: { type: Entities::DnsRecord, is_array: true, required: false }, as: :dnsRecords do |status, _options|
+        documentation: {type: Entities::DnsRecord, is_array: true, required: false}, as: :dnsRecords do |status, _options|
         status.dns_records.empty? ? nil : status.dns_records
       end
-      expose :ceps, using: Entities::CPE, documentation: { type: Entities::CPE, is_array: true, required: false },
+      expose :ceps, using: Entities::CPE, documentation: {type: Entities::CPE, is_array: true, required: false},
         as: :cpes do |status, _options|
         status.cpes.empty? ? nil : status.cpes
       end
-      expose :ports, using: Entities::Port, documentation: { type: Entities::Port, is_array: true, required: false },
+      expose :ports, using: Entities::Port, documentation: {type: Entities::Port, is_array: true, required: false},
         as: :ports do |status, _options|
         status.ports.empty? ? nil : status.ports
       end
-      expose :vulnerabilities, using: Vulnerability, documentation: { type: Vulnerability, is_array: true, required: false },
+      expose :vulnerabilities, using: Vulnerability, documentation: {type: Vulnerability, is_array: true, required: false},
         as: :vulnerabilities do |status, _options|
         status.vulnerabilities.empty? ? nil : status.vulnerabilities
       end
@@ -44,7 +44,7 @@ module Mihari
 
     class ArtifactsWithPagination < Pagination
       expose :results, using: Entities::BaseArtifact,
-        documentation: { type: Entities::Artifact, is_array: true, required: true }
+        documentation: {type: Entities::Artifact, is_array: true, required: true}
     end
   end
 end

data/lib/mihari/entities/autonomous_system.rb

@@ -3,7 +3,7 @@
 module Mihari
   module Entities
     class AutonomousSystem < Grape::Entity
-      expose :number, documentation: { type: Integer, required: true }
+      expose :number, documentation: {type: Integer, required: true}
     end
   end
 end

data/lib/mihari/entities/config.rb

@@ -3,10 +3,14 @@
 module Mihari
   module Entities
     class Config < Grape::Entity
-      expose :name, documentation: { type: String, required: true }
-      expose :type, documentation: { type: String, required: true }
-      expose :items, documentation: { type: Hash, is_array: true, required: true }
-      expose :configured, documentation: { type: Grape::API::Boolean, required: true }
+      expose :name, documentation: {type: String, required: true}
+      expose :type, documentation: {type: String, required: true}
+      expose :items, documentation: {type: Hash, is_array: true, required: true}
+      expose :configured, documentation: {type: Grape::API::Boolean, required: true}
+    end
+
+    class Configs < Grape::Entity
+      expose :results, using: Config, documentation: {type: Config, is_array: true, required: true}
     end
   end
 end

data/lib/mihari/entities/cpe.rb

@@ -3,8 +3,8 @@
 module Mihari
   module Entities
     class CPE < Grape::Entity
-      expose :name, documentation: { type: String, required: true }
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :name, documentation: {type: String, required: true}
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
     end
   end
 end

data/lib/mihari/entities/dns.rb

@@ -3,9 +3,9 @@
 module Mihari
   module Entities
     class DnsRecord < Grape::Entity
-      expose :resource, documentation: { type: String, required: true }
-      expose :value, documentation: { type: String, required: true }
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :resource, documentation: {type: String, required: true}
+      expose :value, documentation: {type: String, required: true}
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
     end
   end
 end

data/lib/mihari/entities/geolocation.rb

@@ -3,9 +3,9 @@
 module Mihari
   module Entities
     class Geolocation < Grape::Entity
-      expose :country, documentation: { type: String, required: true }
-      expose :country_code, documentation: { type: String, required: true }, as: :countryCode
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :country, documentation: {type: String, required: true}
+      expose :country_code, documentation: {type: String, required: true}, as: :countryCode
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
     end
   end
 end

data/lib/mihari/entities/ip_address.rb

@@ -3,9 +3,9 @@
 module Mihari
   module Entities
     class IPAddress < Grape::Entity
-      expose :country_code, documentation: { type: String, required: true }, as: :countryCode
-      expose :asn, documentation: { type: Integer, required: false }
-      expose :loc, documentation: { type: String, required: false }
+      expose :country_code, documentation: {type: String, required: true}, as: :countryCode
+      expose :asn, documentation: {type: Integer, required: false}
+      expose :loc, documentation: {type: String, required: false}
     end
   end
 end

data/lib/mihari/entities/messages.rb

@@ -3,15 +3,15 @@
 module Mihari
   module Entities
     class Message < Grape::Entity
-      expose :message, documentation: { type: String, required: true }
+      expose :message, documentation: {type: String, required: true}
     end
 
     class ErrorMessage < Message
-      expose :detail, documentation: { type: Hash, required: false }
+      expose :detail, documentation: {type: Hash, required: false}
     end
 
     class QueueMessage < Message
-      expose :queued, documentation: { type: Grape::API::Boolean, required: true }
+      expose :queued, documentation: {type: Grape::API::Boolean, required: true}
     end
   end
 end

data/lib/mihari/entities/pagination.rb

@@ -3,9 +3,9 @@
 module Mihari
   module Entities
     class Pagination < Grape::Entity
-      expose :total, documentation: { type: Integer, required: true }
-      expose :current_page, documentation: { type: Integer, required: true }, as: :currentPage
-      expose :page_size, documentation: { type: Integer, required: true }, as: :pageSize
+      expose :total, documentation: {type: Integer, required: true}
+      expose :current_page, documentation: {type: Integer, required: true}, as: :currentPage
+      expose :page_size, documentation: {type: Integer, required: true}, as: :pageSize
     end
   end
 end

data/lib/mihari/entities/port.rb

@@ -3,8 +3,8 @@
 module Mihari
   module Entities
     class Port < Grape::Entity
-      expose :number, documentation: { type: Integer, required: true }
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :number, documentation: {type: Integer, required: true}
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
     end
   end
 end

data/lib/mihari/entities/reverse_dns.rb

@@ -3,8 +3,8 @@
 module Mihari
   module Entities
     class ReverseDnsName < Grape::Entity
-      expose :name, documentation: { type: String, required: true }
-      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+      expose :name, documentation: {type: String, required: true}
+      expose :created_at, documentation: {type: DateTime, required: true}, as: :createdAt
     end
   end
 end